<?php
/**
 * Created by PhpStorm.
 * User: dehong
 * Date: 2016/9/13
 * Time: 21:39
 */
session_start();
// 定义个常量，用来调用includes里面的文件
define('IN_TG',true);
// 用来指定本页内容
define('SCRIPT','login');
// 引入公共文件
require dirname(__FILE__).'/includes/common.inc.php'; // 转换成硬路径,速度更快
// 登录状态
_login_status();
// 开始处理登录状态
if(@$_GET['action'] == 'login'){
    // 防止恶意注册，跨站攻击
    if(!empty($_system['code'])){
        _check_code($_POST['code'],$_SESSION['code']);
    }
    // 引入验证文件
    include ROOT_PATH.'includes/login.func.php';
    // 接受数据
    $_clean = array();
    $_clean['username'] = _check_username($_POST['username'],2,20);
    $_clean['password'] = _check_password($_POST['password'],6,20);
    $_clean['time'] = _check_time($_POST['time']);
    // 到数据库验证
    $_sql = "SELECT tg_username,tg_uniqid,tg_level FROM tg_user WHERE tg_username='{$_clean['username']}' AND tg_password='{$_clean['password']}' AND tg_active=''";
    if(!!$_rows = _query($_sql)){
        // 登陆成功后，记录登录信息
        $_time = time();
        $_sql="UPDATE tg_user SET tg_last_time='{$_time}',tg_last_ip='{$_SERVER['REMOTE_ADDR']}',tg_login_count=tg_login_count+1 WHERE tg_username='{$_rows['tg_username']}'";
        $GLOBALS['dbh']->exec($_sql) or die(print_r($GLOBALS['dbh']->errorInfo(), true));
        _setcookies($_rows['tg_username'],$_rows['tg_uniqid'],$_clean['time']);
        if($_rows['tg_level'] == 1){
            $_SESSION['admin'] = $_rows['tg_username'];
        }
        $GLOBALS['dbh'] = null;
        _location(null,'member.php');
    }else{
        $GLOBALS['dbh'] = null;
        _location('用户名密码不正确或者该账户未被激活!','login.php');
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <?php require ROOT_PATH.'includes/title.inc.php'; ?>

    <script type="text/javascript" src="js/code.js"></script>
    <script type="text/javascript" src="js/login.js"></script>
</head>
<body>
<?php require ROOT_PATH."includes/header.inc.php"; ?>
    <div id="login">
        <h2>登录</h2>
        <form action="login.php?action=login" name="login" method="post">
            <dl>
                <dt>    </dt>
                <dd>用 户 名：<input type="text" name="username" class="text" /></dd>
                <dd>密&nbsp;&nbsp;码：<input type="password" name="password" class="text" /></dd>
                <dd>保&nbsp;&nbsp;留：<input type="radio" name="time" value="0" checked="checked" />不保留&nbsp;<input type="radio" name="time" value="1" />一天&nbsp;<input type="radio" name="time" value="2" />一周&nbsp;<input type="radio" name="time" value="3" />一月</dd>
                <?php if(!empty($_system['code'])){?>
                <dd>验 证 码：<input type="text" name="code" class="text code" /><img src="code.php" alt="验证码" id="code" /></dd>
                <?php } ?>
                <dd><input type="submit" class="button" value="登录" /><input type="button" value="注册" id="location" class="button location"/></dd>
            </dl>
        </form>
    </div>


<?php require ROOT_PATH."includes/footer.inc.php"; ?>
</body>
</html>